rfc9343.original   rfc9343.txt 
6MAN Working Group G. Fioccola Internet Engineering Task Force (IETF) G. Fioccola
Internet-Draft T. Zhou Request for Comments: 9343 T. Zhou
Intended status: Standards Track Huawei Category: Standards Track Huawei
Expires: 31 March 2023 M. Cociglio ISSN: 2070-1721 M. Cociglio
Telecom Italia Telecom Italia
F. Qin F. Qin
China Mobile China Mobile
R. Pang R. Pang
China Unicom China Unicom
27 September 2022 December 2022
IPv6 Application of the Alternate Marking Method IPv6 Application of the Alternate-Marking Method
draft-ietf-6man-ipv6-alt-mark-17
Abstract Abstract
This document describes how the Alternate Marking Method can be used This document describes how the Alternate-Marking Method can be used
as a passive performance measurement tool in an IPv6 domain. It as a passive performance measurement tool in an IPv6 domain. It
defines an Extension Header Option to encode Alternate Marking defines an Extension Header Option to encode Alternate-Marking
information in both the Hop-by-Hop Options Header and Destination information in both the Hop-by-Hop Options Header and Destination
Options Header. Options Header.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 31 March 2023. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9343.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Please review these documents carefully, as they describe your rights carefully, as they describe your rights and restrictions with respect
and restrictions with respect to this document. Code Components to this document. Code Components extracted from this document must
extracted from this document must include Revised BSD License text as include Revised BSD License text as described in Section 4.e of the
described in Section 4.e of the Trust Legal Provisions and are Trust Legal Provisions and are provided without warranty as described
provided without warranty as described in the Revised BSD License. in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology
1.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.2. Requirements Language
2. Alternate Marking application to IPv6 . . . . . . . . . . . . 3 2. Alternate-Marking Application to IPv6
2.1. Controlled Domain . . . . . . . . . . . . . . . . . . . . 5 2.1. Controlled Domain
2.1.1. Alternate Marking Measurement Domain . . . . . . . . 6 2.1.1. Alternate-Marking Measurement Domain
3. Definition of the AltMark Option . . . . . . . . . . . . . . 7 3. Definition of the AltMark Option
3.1. Data Fields Format . . . . . . . . . . . . . . . . . . . 7 3.1. Data Fields Format
4. Use of the AltMark Option . . . . . . . . . . . . . . . . . . 8 4. Use of the AltMark Option
5. Alternate Marking Method Operation . . . . . . . . . . . . . 10 5. Alternate-Marking Method Operation
5.1. Packet Loss Measurement . . . . . . . . . . . . . . . . . 10 5.1. Packet Loss Measurement
5.2. Packet Delay Measurement . . . . . . . . . . . . . . . . 12 5.2. Packet Delay Measurement
5.3. Flow Monitoring Identification . . . . . . . . . . . . . 13 5.3. Flow Monitoring Identification
5.4. Multipoint and Clustered Alternate Marking . . . . . . . 16 5.4. Multipoint and Clustered Alternate Marking
5.5. Data Collection and Calculation . . . . . . . . . . . . . 16 5.5. Data Collection and Calculation
6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 6. Security Considerations
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 7. IANA Considerations
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20 8. References
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 8.1. Normative References
9.1. Normative References . . . . . . . . . . . . . . . . . . 21 8.2. Informative References
9.2. Informative References . . . . . . . . . . . . . . . . . 21 Acknowledgements
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 Authors' Addresses
1. Introduction 1. Introduction
[I-D.ietf-ippm-rfc8321bis] and [I-D.ietf-ippm-rfc8889bis] describe a [RFC9341] and [RFC9342] describe a passive performance measurement
passive performance measurement method, which can be used to measure method, which can be used to measure packet loss, latency, and jitter
packet loss, latency and jitter on live traffic. Since this method on live traffic. Since this method is based on marking consecutive
is based on marking consecutive batches of packets, the method is batches of packets, the method is often referred to as the Alternate-
often referred to as the Alternate Marking Method. Marking Method.
This document defines how the Alternate Marking Method can be used to This document defines how the Alternate-Marking Method can be used to
measure performance metrics in IPv6. The rationale is to apply the measure performance metrics in IPv6. The rationale is to apply the
Alternate Marking methodology to IPv6 and therefore allow detailed Alternate-Marking methodology to IPv6 and therefore allow detailed
packet loss, delay and delay variation measurements both hop-by-hop packet loss, delay, and delay variation measurements both hop by hop
and end-to-end to exactly locate the issues in an IPv6 network. and end to end to exactly locate the issues in an IPv6 network.
The Alternate Marking is an on-path telemetry technique and consists Alternate Marking is an on-path telemetry technique and consists of
of synchronizing the measurements in different points of a network by synchronizing the measurements in different points of a network by
switching the value of a marking bit and therefore dividing the switching the value of a marking bit and therefore dividing the
packet flow into batches. Each batch represents a measurable entity packet flow into batches. Each batch represents a measurable entity
recognizable by all network nodes along the path. By counting the recognizable by all network nodes along the path. By counting the
number of packets in each batch and comparing the values measured by number of packets in each batch and comparing the values measured by
different nodes, it is possible to precisely measure the packet loss. different nodes, it is possible to precisely measure the packet loss.
Similarly, the alternation of the values of the marking bits can be Similarly, the alternation of the values of the marking bits can be
used as a time reference to calculate the delay and delay variation. used as a time reference to calculate the delay and delay variation.
The Alternate Marking operation is further described in Section 5. The Alternate-Marking operation is further described in Section 5.
This document introduces a TLV (type-length-value) that can be This document introduces a TLV (type-length-value) that can be
encoded in the Options Headers (Hop-by-Hop or Destination), according encoded in the Options Headers (Hop-by-Hop or Destination), according
to [RFC8200], for the purpose of the Alternate Marking Method to [RFC8200], for the purpose of the Alternate-Marking Method
application in an IPv6 domain. application in an IPv6 domain.
The Alternate Marking Method MUST be applied to IPv6 only in a The Alternate-Marking Method MUST be applied to IPv6 only in a
controlled environment, as further described in Section 2.1. controlled environment, as further described in Section 2.1.
[RFC8799] provides further discussion of network behaviors that can [RFC8799] provides further discussion of network behaviors that can
be applied only within limited domains. be applied only within limited domains.
The threat model for the application of the Alternate Marking Method The threat model for the application of the Alternate-Marking Method
in an IPv6 domain is reported in Section 6. in an IPv6 domain is reported in Section 6.
1.1. Terminology 1.1. Terminology
This document uses the terms related to the Alternate Marking Method This document uses the terms related to the Alternate-Marking Method
as defined in [I-D.ietf-ippm-rfc8321bis] and as defined in [RFC9341] and [RFC9342].
[I-D.ietf-ippm-rfc8889bis].
1.2. Requirements Language 1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2. Alternate Marking application to IPv6 2. Alternate-Marking Application to IPv6
The Alternate Marking Method requires a marking field. Several The Alternate-Marking Method requires a marking field. Several
alternatives could be considered such as IPv6 Extension Headers, IPv6 alternatives could be considered such as IPv6 Extension Headers, IPv6
Address and Flow Label. But, it is necessary to analyze the Address, and Flow Label. But, it is necessary to analyze the
drawbacks for all the available possibilities, more specifically: drawbacks for all the available possibilities, more specifically:
Reusing existing Extension Header for Alternate Marking leads to a * reusing an existing Extension Header for Alternate Marking leads
non-optimized implementation; to a non-optimized implementation;
Using the IPv6 destination address to encode the Alternate Marking * using the IPv6 destination address to encode the Alternate-Marking
processing is very expensive; processing is very expensive; and
Using the IPv6 Flow Label for Alternate Marking conflicts with the
utilization of the Flow Label for load distribution purpose * using the IPv6 Flow Label for Alternate Marking conflicts with the
([RFC6438]). utilization of the Flow Label for load distribution purposes
[RFC6438].
In the end, a Hop-by-Hop or a Destination Option is the best choice. In the end, a Hop-by-Hop or a Destination Option is the best choice.
The approach for the Alternate Marking application to IPv6 specified The approach for the Alternate-Marking application to IPv6 specified
in this memo is compliant with [RFC8200]. It involves the following in this memo is compliant with [RFC8200]. It involves the following
operations: operations:
* The source node is the only one that writes the Option Header to * The source node is the only one that writes the Options Header to
mark alternately the flow (for both Hop-by-Hop and Destination mark alternately the flow (for both the Hop-by-Hop and Destination
Option). The intermediate nodes and destination node MUST only Option). The intermediate nodes and destination node MUST only
read the marking values of the option without modifying the Option read the marking values of the Option without modifying the
Header. Options Header.
* In case of Hop-by-Hop Option Header carrying Alternate Marking * In case of a Hop-by-Hop Options Header carrying Alternate-Marking
bits, it is not inserted or deleted, but can be read by any node bits, the Options Header is not inserted or deleted on the path,
along the path. The intermediate nodes may be configured to but it can be read by any node along the path. The intermediate
support this Option or not and the measurement can be done only nodes may be configured to support this Option or not, and the
for the nodes configured to read the Option. As further discussed measurement can be done only for the nodes configured to read the
in Section 4, the presence of the hop-by-hop option should not Option. As further discussed in Section 4, the presence of the
affect the traffic throughput both on nodes that do not recognize Hop-by-Hop Option should not affect the traffic throughput both on
this option and on the nodes that support it. However, it is nodes that do not recognize this Option and on the nodes that
worth mentioning that there is a difference between theory and support it. However, it is worth mentioning that there is a
practice. Indeed, in a real implementation it can happen that difference between theory and practice. Indeed, in a real
packets with hop-by-hop option could also be skipped or processed implementation, it is possible for packets with a Hop-by-Hop
in the slow path. While some proposals are trying to address this Option to be skipped or processed in the slow path. While some
problem and make Hop-by-Hop Options more practical proposals are trying to address this problem and make Hop-by-Hop
([I-D.ietf-v6ops-hbh], [I-D.ietf-6man-hbh-processing]), these Options more practical (see [PROC-HBH-OPT-HEADER] and
aspects are out of the scope for this document. [HBH-OPTIONS-PROCESSING]), these aspects are out of the scope for
this document.
* In case of Destination Option Header carrying Alternate Marking * In case of a Destination Options Header carrying Alternate-Marking
bits, it is not processed, inserted, or deleted by any node along bits, it is not processed, inserted, or deleted by any node along
the path until the packet reaches the destination node. Note the path until the packet reaches the destination node. Note
that, if there is also a Routing Header (RH), any visited that, if there is also a Routing Header (RH), any visited
destination in the route list can process the Option Header. destination in the route list can process the Options Header.
Hop-by-Hop Option Header is also useful to signal to routers on the A Hop-by-Hop Options Header is also useful to signal to routers on
path to process the Alternate Marking. However, as said, routers the path to process the Alternate Marking. However, as said, routers
will only examine this option if properly configured. will only examine this Option if properly configured.
The optimization of both implementation and scaling of the Alternate The optimization of both implementation and the scaling of the
Marking Method is also considered and a way to identify flows is Alternate-Marking Method is also considered, and a way to identify
required. The Flow Monitoring Identification field (FlowMonID), as flows is required. The Flow Monitoring Identification (FlowMonID)
introduced in Section 5.3, goes in this direction and it is used to field, as introduced in Section 5.3, goes in this direction, and it
identify a monitored flow. is used to identify a monitored flow.
The FlowMonID is different from the Flow Label field of the IPv6 The FlowMonID is different from the Flow Label field of the IPv6
Header ([RFC6437]). The Flow Label field in the IPv6 header is used header [RFC6437]. The Flow Label field in the IPv6 header is used by
by a source to label sequences of packets to be treated in the a source to label sequences of packets to be treated in the network
network as a single flow and, as reported in [RFC6438], it can be as a single flow and, as reported in [RFC6438], it can be used for
used for load-balancing/equal cost multi-path (LB/ECMP). The reuse load balancing (LB) and equal-cost multipath (ECMP). The reuse of
of Flow Label field for identifying monitored flows is not considered the Flow Label field for identifying monitored flows is not
because it may change the application intent and forwarding behavior. considered because it may change the application intent and
Also, the Flow Label may be changed en route and this may also forwarding behavior. Also, the Flow Label may be changed en route,
invalidate the integrity of the measurement. Those reasons make the and this may also invalidate the integrity of the measurement. Those
definition of the FlowMonID necessary for IPv6. Indeed, the reasons make the definition of the FlowMonID necessary for IPv6.
FlowMonID is designed and only used to identify the monitored flow. Indeed, the FlowMonID is designed and only used to identify the
Flow Label and FlowMonID within the same packet are totally disjoint, monitored flow. Flow Label and FlowMonID within the same packet are
have different scope, are used to identify flows based on different totally disjoint, have different scopes, are used to identify flows
criteria, and are intended for different use cases. based on different criteria, and are intended for different use
cases.
The rationale for the FlowMonID is further discussed in Section 5.3. The rationale for the FlowMonID is further discussed in Section 5.3.
This 20 bit field allows easy and flexible identification of the This 20-bit field allows easy and flexible identification of the
monitored flow and enables improved measurement correlation and finer monitored flow and enables improved measurement correlation and finer
granularity since it can be used in combination with the traditional granularity since it can be used in combination with the conventional
TCP/IP 5-tuple to identify a flow. An important point that will be TCP/IP 5-tuple to identify a flow. An important point that will be
discussed in Section 5.3 is the uniqueness of the FlowMonID and how discussed in Section 5.3 is the uniqueness of the FlowMonID and how
to allow disambiguation of the FlowMonID in case of collision. to allow disambiguation of the FlowMonID in case of collision.
The following section highlights an important requirement for the The following section highlights an important requirement for the
application of the Alternate Marking to IPv6. The concept of the application of the Alternate Marking to IPv6. The concept of the
controlled domain is explained and it is considered an essential controlled domain is explained and is considered an essential
precondition, as also highlighted in Section 6. precondition, as also highlighted in Section 6.
2.1. Controlled Domain 2.1. Controlled Domain
IPv6 has much more flexibility than IPv4 and innovative applications IPv6 has much more flexibility than IPv4 and innovative applications
have been proposed, but for security and compatibility reasons, some have been proposed, but for security and compatibility reasons, some
of these applications are limited to a controlled environment. This of these applications are limited to a controlled environment. This
is also the case of the Alternate Marking application to IPv6 as is also the case of the Alternate-Marking application to IPv6 as
assumed hereinafter. In this regard, [RFC8799] reports further assumed hereinafter. In this regard, [RFC8799] reports further
examples of specific limited domain solutions. examples of specific limited domain solutions.
The IPv6 application of the Alternate Marking Method MUST be deployed The IPv6 application of the Alternate-Marking Method MUST be deployed
in a controlled domain. It is not common that the user traffic in a controlled domain. It is not common that the user traffic
originates and terminates within the controlled domain, as also noted originates and terminates within the controlled domain, as also noted
in Section 2.1.1. For this reason, it will typically only be in Section 2.1.1. For this reason, it will typically only be
applicable in an overlay network, where user traffic is encapsulated applicable in an overlay network, where user traffic is encapsulated
at one domain border, decapsulated at the other domain border and the at one domain border and decapsulated at the other domain border, and
encapsulation incorporates the relevant extension header for the encapsulation incorporates the relevant extension header for
Alternate Marking. This requirement also implies that an Alternate Marking. This requirement also implies that an
implementation MUST filter packets that carry Alternate Marking data implementation MUST filter packets that carry Alternate-Marking data
and are entering or leaving the controlled domain. and are entering or leaving the controlled domain.
A controlled domain is a managed network where it is required to A controlled domain is a managed network where it is required to
select, monitor and control the access to the network by enforcing select, monitor, and control the access to the network by enforcing
policies at the domain boundaries in order to discard undesired policies at the domain boundaries in order to discard undesired
external packets entering the domain and check the internal packets external packets entering the domain and check the internal packets
leaving the domain. It does not necessarily mean that a controlled leaving the domain. It does not necessarily mean that a controlled
domain is a single administrative domain or a single organization. A domain is a single administrative domain or a single organization. A
controlled domain can correspond to a single administrative domain or controlled domain can correspond to a single administrative domain or
can be composed by multiple administrative domains under a defined can be composed by multiple administrative domains under a defined
network management. Indeed, some scenarios may imply that the network management. Indeed, some scenarios may imply that the
Alternate Marking Method involves more than one domain, but in these Alternate-Marking Method involves more than one domain, but in these
cases, it is RECOMMENDED that the multiple domains create a whole cases, it is RECOMMENDED that the multiple domains create a whole
controlled domain while traversing the external domain by employing controlled domain while traversing the external domain by employing
IPsec [RFC4301] authentication and encryption or other VPN technology IPsec [RFC4301] authentication and encryption or other VPN technology
that provides full packet confidentiality and integrity protection. that provides full packet confidentiality and integrity protection.
In a few words, it must be possible to control the domain boundaries In a few words, it must be possible to control the domain boundaries
and eventually use specific precautions if the traffic traverse the and eventually use specific precautions if the traffic traverses the
Internet. Internet.
The security considerations reported in Section 6 also highlight this The security considerations reported in Section 6 also highlight this
requirement. requirement.
2.1.1. Alternate Marking Measurement Domain 2.1.1. Alternate-Marking Measurement Domain
The Alternate Marking measurement domain can overlap with the The Alternate-Marking measurement domain can overlap with the
controlled domain or may be a subset of the controlled domain. The controlled domain or may be a subset of the controlled domain. The
typical scenarios for the application of the Alternate Marking Method typical scenarios for the application of the Alternate-Marking Method
depend on the controlled domain boundaries, in particular: depend on the controlled domain boundaries; in particular:
the user equipment can be the starting or ending node, only in * The user equipment can be the starting or ending node only when/if
case it is fully managed and if it belongs to the controlled it is fully managed and belongs to the controlled domain. In this
domain. In this case the user generated IPv6 packets contain the case, the user-generated IPv6 packets contain the Alternate-
Alternate Marking data. But, in practice, this is not common due Marking data. But, in practice, this is not common due to the
to the fact that the user equipment cannot be totally secured in fact that the user equipment cannot be totally secured in the
the majority of cases. majority of cases.
the CPE (Customer Premises Equipment) or the PE (Provider Edge) * The Customer Premises Equipment (CPE) or the Provider Edge (PE)
routers are most likely to be the starting or ending nodes since routers are most likely to be the starting or ending nodes since
they can be border routers of the controlled domain. For they can be border routers of the controlled domain. For
instance, the CPE, which connects the user's premises with the instance, the CPE, which connects the user's premises with the
service provider's network, belongs to a controlled domain only if service provider's network, belongs to a controlled domain only if
it is managed by the service provider and if additional security it is managed by the service provider and if additional security
measures are taken to keep it trustworthy. Typically the CPE or measures are taken to keep it trustworthy. Typically, the CPE or
the PE can encapsulate a received packet in an outer IPv6 header the PE can encapsulate a received packet in an outer IPv6 header,
which contains the Alternate Marking data. They can also be able which contains the Alternate-Marking data. They are also able to
to filter and drop packets from outside of the domain with filter and drop packets from outside of the domain with
inconsistent fields to make effective the relevant security rules inconsistent fields to make effective the relevant security rules
at the domain boundaries, for example a simple security check can at the domain boundaries; for example, a simple security check can
be to insert the Alternate Marking data if and only if the be to insert the Alternate-Marking data if and only if the
destination is within the controlled domain. destination is within the controlled domain.
3. Definition of the AltMark Option 3. Definition of the AltMark Option
The definition of a TLV for the Options Extension Headers, carrying The definition of a TLV for the Extension Header Option, carrying the
the data fields dedicated to the Alternate Marking method, is data fields dedicated to the Alternate-Marking Method, is reported
reported below. below.
3.1. Data Fields Format 3.1. Data Fields Format
The following figure shows the data fields format for enhanced The following figure shows the data fields format for enhanced
Alternate Marking TLV (AltMark). This AltMark data can be Alternate-Marking TLV (AltMark). This AltMark data can be
encapsulated in the IPv6 Options Headers (Hop-by-Hop or Destination encapsulated in the IPv6 Options Headers (Hop-by-Hop or Destination
Option). Option).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type | Opt Data Len | | Option Type | Opt Data Len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FlowMonID |L|D| Reserved | | FlowMonID |L|D| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where: Where:
* Option Type: 8-bit identifier of the type of Option that needs to Option Type: 8-bit identifier of the type of Option that needs to be
be allocated. Unrecognized Types MUST be ignored on processing. allocated. Unrecognized Types MUST be ignored on processing. For
For Hop-by-Hop Options Header or Destination Options Header, the Hop-by-Hop Options Header or Destination Options Header,
[RFC8200] defines how to encode the three high-order bits of the [RFC8200] defines how to encode the three high-order bits of the
Option Type field. The two high-order bits specify the action Option Type field. The two high-order bits specify the action
that must be taken if the processing IPv6 node does not recognize that must be taken if the processing IPv6 node does not recognize
the Option Type; for AltMark these two bits MUST be set to 00 the Option Type; for AltMark, these two bits MUST be set to 00
(skip over this Option and continue processing the header). The (skip over this Option and continue processing the header). The
third-highest-order bit specifies whether the Option Data can third-highest-order bit specifies whether the Option Data can
change en route to the packet's final destination; for AltMark the change en route to the packet's final destination; for AltMark,
value of this bit MUST be set to 0 (Option Data does not change en the value of this bit MUST be set to 0 (Option Data does not
route). In this way, since the three high-order bits of the change en route). In this way, since the three high-order bits of
AltMark Option are set to 000, it means that nodes can simply skip the AltMark Option are set to 000, it means that nodes can simply
this Option if they do not recognize and that the data of this skip this Option if they do not recognize it and that the data of
Option do not change en route, indeed the source is the only one this Option does not change en route; indeed the source is the
that can write it. only one that can write it.
* Opt Data Len: 4. It is the length of the Option Data Fields of Opt Data Len: 4. It is the length of the Option Data Fields of this
this Option in bytes. Option in bytes.
* FlowMonID: 20-bit unsigned integer. The FlowMon identifier is FlowMonID: 20-bit unsigned integer. The FlowMon identifier is
described in Section 5.3. As further discussed below, it has been described in Section 5.3. As further discussed below, it has been
picked as 20 bits since it is a reasonable value and a good picked as 20 bits since it is a reasonable value and a good
compromise in relation to the chance of collision. It MUST be set compromise in relation to the chance of collision. It MUST be set
pseudo randomly by the source node or by a centralized controller. pseudo-randomly by the source node or by a centralized controller.
* L: Loss flag for Packet Loss Measurement as described in L: Loss flag for Packet Loss Measurement as described in
Section 5.1; Section 5.1.
* D: Delay flag for Single Packet Delay Measurement as described in D: Delay flag for Single Packet Delay Measurement as described in
Section 5.2; Section 5.2.
* Reserved: is reserved for future use. These bits MUST be set to Reserved: Reserved for future use. These bits MUST be set to zero
zero on transmission and ignored on receipt. on transmission and ignored on receipt.
4. Use of the AltMark Option 4. Use of the AltMark Option
The AltMark Option is the best way to implement the Alternate Marking The AltMark Option is the best way to implement the Alternate-Marking
method and it is carried by the Hop-by-Hop Options header and the Method, and it is carried by the Hop-by-Hop Options Header and the
Destination Options header. In case of Destination Option, it is Destination Options Header. In case of Destination Option, it is
processed only by the source and destination nodes: the source node processed only by the source and destination nodes: the source node
inserts and the destination node processes it. While, in case of inserts it and the destination node processes it. In case of the
Hop-by-Hop Option, it may be examined by any node along the path, if Hop-by-Hop Option, it may be examined by any node along the path if
explicitly configured to do so. explicitly configured to do so.
It is important to highlight that the Option Layout can be used both It is important to highlight that the Option Layout can be used both
as Destination Option and as Hop-by-Hop Option depending on the Use as the Destination Option and as the Hop-by-Hop Option depending on
Cases and it is based on the chosen type of performance measurement. the use cases, and it is based on the chosen type of performance
In general, it is needed to perform both end to end and hop by hop measurement. In general, it is needed to perform both end-to-end and
measurements, and the Alternate Marking methodology allows, by hop-by-hop measurements, and the Alternate-Marking methodology
definition, both performance measurements. In many cases the end-to- allows, by definition, both performance measurements. In many cases,
end measurement is not enough and it is required the hop-by-hop the end-to-end measurement may not be enough, and the hop-by-hop
measurement, so the most complete choice can be the Hop-by-Hop measurement is required. To meet this need, the most complete choice
Options Header. is the Hop-by-Hop Options Header.
IPv6, as specified in [RFC8200], allows nodes to optionally process IPv6, as specified in [RFC8200], allows nodes to optionally process
Hop-by-Hop headers. Specifically the Hop-by-Hop Options header is Hop-by-Hop headers. Specifically, the Hop-by-Hop Options Header is
not inserted or deleted, but may be examined or processed by any node not inserted or deleted, but it may be examined or processed by any
along a packet's delivery path, until the packet reaches the node (or node along a packet's delivery path, until the packet reaches the
each of the set of nodes, in the case of multicast) identified in the node (or each of the set of nodes in the case of multicast)
Destination Address field of the IPv6 header. Also, it is expected identified in the Destination Address field of the IPv6 header.
that nodes along a packet's delivery path only examine and process Also, it is expected that nodes along a packet's delivery path only
the Hop-by-Hop Options header if explicitly configured to do so. examine and process the Hop-by-Hop Options Header if explicitly
configured to do so.
Another scenario that can be mentioned is the presence of a Routing Another scenario is the presence of a Routing Header. Both Hop-by-
Header. Both Hop-by-Hop Options and Destination Options headers can Hop Options and Destination Options Headers can be used when a
be used when a Routing Header is present. Depending on where the Routing Header is present. Depending on where the Destination
Destination Options are situated in the header chain (before or after Options are situated in the header chain (before or after the Routing
the Routing Header if any), Destination Options headers can be Header if any), Destination Options Headers can be processed by
processed by either intermediate routers specified in the Routing either intermediate routers specified in the Routing Header or the
Header, or by the destination node. As an example, a type of Routing destination node. As an example, a type of Routing Header, referred
Header, referred as Segment Routing Header (SRH), has been defined in to as a Segment Routing Header (SRH), has been defined in [RFC8754]
[RFC8754] for Segment Routing over IPv6 dataplane (SRv6), and more for the Segment Routing over IPv6 (SRv6) data place, and more details
details about the SRv6 application can be found in about the SRv6 application can be found in [SRv6-AMM].
[I-D.fz-spring-srv6-alt-mark].
In summary, using these tools, it is possible to control on which In summary, using these tools, it is possible to control on which
nodes measurement occurs: nodes measurement occurs:
* Destination Option not preceding a Routing Header => measurement * Destination Option not preceding a Routing Header => measurement
only by node in Destination Address. only by node in Destination Address
* Hop-by-Hop Option => every router on the path with feature * Hop-by-Hop Option => every router on the path with feature enabled
enabled.
* Destination Option preceding a Routing Header => every destination * Destination Option preceding a Routing Header => every destination
node in the route list. node in the route list
In general, Hop-by-Hop and Destination Options are the most suitable In general, Hop-by-Hop and Destination Options are the most suitable
ways to implement Alternate Marking. ways to implement Alternate Marking.
It is worth mentioning that Hop-by-Hop Options are not strongly It is worth mentioning that Hop-by-Hop Options are not strongly
recommended in [RFC7045] and [RFC8200], unless there is a clear recommended in [RFC7045] and [RFC8200], unless there is a clear
justification to standardize it, because nodes may be configured to justification to standardize it, because nodes may be configured to
ignore the Options Header, drop or assign packets containing an ignore the Options Header or drop or assign packets containing an
Options Header to a slow processing path. In case of the AltMark Options Header to a slow processing path. In case of the AltMark
data fields described in this document, the motivation to standardize Data Fields described in this document, the motivation to standardize
a Hop-by-Hop Option is that it is needed for OAM (Operations, a Hop-by-Hop Option is that it is needed for Operations,
Administration, and Maintenance). An intermediate node can read it Administration, and Maintenance (OAM). An intermediate node can read
or not, but this does not affect the packet behavior. The source it or not, but this does not affect the packet behavior. The source
node is the only one that writes the Hop-by-Hop Option to mark node is the only one that writes the Hop-by-Hop Option to alternately
alternately the flow, so, the performance measurement can be done for mark the flow; therefore, the performance measurement can be done for
those nodes configured to read this Option, while the others are those nodes configured to read this Option, while the others are
simply not considered for the metrics. simply not considered for the metrics.
The Hop-by-Hop Option defined in this document is designed to take The Hop-by-Hop Option defined in this document is designed to take
advantage of the property of how Hop-by-Hop options are processed. advantage of the property of how Hop-by-Hop Options are processed.
Nodes that do not support this Option would be expected to ignore it Nodes that do not support this Option would be expected to ignore it
if encountered, according to the procedures of [RFC8200]. This can if encountered, according to the procedures of [RFC8200]. This can
mean that, in this case, the performance measurement does not account mean that, in this case, the performance measurement does not account
for all links and nodes along a path. The definition of the Hop-by- for all links and nodes along a path. The definition of the Hop-by-
Hop Options in this document is also designed to minimize throughput Hop Options in this document is also designed to minimize throughput
impact both on nodes that do not recognize the Option and on node impact both on nodes that do not recognize the Option and on nodes
that support it. Indeed, the three high-order bits of the Options that support it. Indeed, the three high-order bits of the Options
Header defined in this draft are 000 and, in theory, as per [RFC8200] Header defined in this document are 000 and, in theory, as per
and [I-D.ietf-6man-hbh-processing], this means "skip if do not [RFC8200] and [HBH-OPTIONS-PROCESSING], this means "skip if not
recognize and data do not change en route". [RFC8200] also mentions recognized and data does not change en route". [RFC8200] also
that the nodes only examine and process the Hop-by-Hop Options header mentions that the nodes only examine and process the Hop-by-Hop
if explicitly configured to do so. For these reasons, this Hop-by- Options Header if explicitly configured to do so. For these reasons,
Hop Option should not affect the throughput. However, in practice, this Hop-by-Hop Option should not affect the throughput. However, in
it is important to be aware that the things may be different in the practice, it is important to be aware that things may be different in
implementation and it can happen that packets with Hop-by-Hop are the implementation, and it can happen that packets with Hop by Hop
forced onto the slow path, but this is a general issue, as also are forced onto the slow path, but this is a general issue, as also
explained in [I-D.ietf-6man-hbh-processing]. It is also worth explained in [HBH-OPTIONS-PROCESSING]. It is also worth mentioning
mentioning that the application to a controlled domain should avoid that the application to a controlled domain should avoid the risk of
the risk of arbitrary nodes dropping packets with Hop-by-Hop Options. arbitrary nodes dropping packets with Hop-by-Hop Options.
5. Alternate Marking Method Operation 5. Alternate-Marking Method Operation
This section describes how the method operates. This section describes how the method operates. [RFC9341] introduces
[I-D.ietf-ippm-rfc8321bis] introduces several applicable methods several applicable methods, which are reported below, and an
which are reported below, and an additional field is introduced to additional field is introduced to facilitate the deployment and
facilitate the deployment and improve the scalability. improve the scalability.
5.1. Packet Loss Measurement 5.1. Packet Loss Measurement
The measurement of the packet loss is really straightforward in The measurement of the packet loss is really straightforward in
comparison to the existing mechanisms, as detailed in comparison to the existing mechanisms, as detailed in [RFC9341]. The
[I-D.ietf-ippm-rfc8321bis]. The packets of the flow are grouped into packets of the flow are grouped into batches, and all the packets
batches, and all the packets within a batch are marked by setting the within a batch are marked by setting the L bit (Loss flag) to a same
L bit (Loss flag) to a same value. The source node can switch the value. The source node can switch the value of the L bit between 0
value of the L bit between 0 and 1 after a fixed number of packets or and 1 after a fixed number of packets or according to a fixed timer,
according to a fixed timer, and this depends on the implementation. and this depends on the implementation. The source node is the only
The source node is the only one that marks the packets to create the one that marks the packets to create the batches, while the
batches, while the intermediate nodes only read the marking values intermediate nodes only read the marking values and identify the
and identify the packet batches. By counting the number of packets packet batches. By counting the number of packets in each batch and
in each batch and comparing the values measured by different network comparing the values measured by different network nodes along the
nodes along the path, it is possible to measure the packet loss path, it is possible to measure the packet loss that occurred in any
occurred in any single batch between any two nodes. Each batch single batch between any two nodes. Each batch represents a
represents a measurable entity recognizable by all network nodes measurable entity recognizable by all network nodes along the path.
along the path.
Both fixed number of packets and fixed timer can be used by the Both fixed number of packets and a fixed timer can be used by the
source node to create packet batches. But, as also explained in source node to create packet batches. But, as also explained in
[I-D.ietf-ippm-rfc8321bis], the timer-based batches are preferable [RFC9341], the timer-based batches are preferable because they are
because they are more deterministic than the counter-based batches. more deterministic than the counter-based batches. Unlike the timer-
There is no definitive rule for counter-based batches, differently based batches, there is no definitive rule for counter-based batches,
from timer-based batches. Using a fixed timer for the switching which are not considered in [RFC9341]. Using a fixed timer for the
offers better control over the method, indeed the length of the switching offers better control over the method; indeed, the length
batches can be chosen large enough to simplify the collection and the of the batches can be chosen large enough to simplify the collection
comparison of the measures taken by different network nodes. In the and the comparison of the measures taken by different network nodes.
implementation the counters can be sent out by each node to the In the implementation, the counters can be sent out by each node to
controller that is responsible for the calculation. It is also the controller that is responsible for the calculation. It is also
possible to exchange this information by using other on-path possible to exchange this information by using other on-path
techniques. But this is out of scope for this document. techniques, but this is out of scope for this document.
Packets with different L values may get swapped at batch boundaries, Packets with different L values may get swapped at batch boundaries,
and in this case, it is required that each marked packet can be and in this case, it is required that each marked packet can be
assigned to the right batch by each router. It is important to assigned to the right batch by each router. It is important to
mention that for the application of this method there are two mention that for the application of this method, there are two
elements to consider: the clock error between network nodes and the elements to consider: the clock error between network nodes and the
network delay. These can create offsets between the batches and out- network delay. These can create offsets between the batches and out-
of-order of the packets. The mathematical formula on timing aspects, of-order packets. The mathematical formula on timing aspects,
explained in section 5 of [I-D.ietf-ippm-rfc8321bis], must be explained in Section 5 of [RFC9341], must be satisfied, and it takes
satisfied and it takes into considerations the different causes of into consideration the different causes of reordering such as clock
reordering such as clock error and network delay. The assumption is error and network delay. The assumption is to define the available
to define the available counting interval where to get stable counting interval to get stable counters and to avoid these issues.
counters and to avoid these issues. Specifically, if the effects of Specifically, if the effects of network delay are ignored, the
network delay are ignored, the condition to implement the methodology condition to implement the methodology is that the clocks in
is that the clocks in different nodes MUST be synchronized to the different nodes MUST be synchronized to the same clock reference with
same clock reference with an accuracy of +/- B/2 time units, where B an accuracy of +/- B/2 time units, where B is the fixed time duration
is the fixed time duration of the batch. In this way each marked of the batch. In this way, each marked packet can be assigned to the
packet can be assigned to the right batch by each node. Usually the right batch by each node. Usually, the counters can be taken in the
counters can be taken in the middle of the batch period to be sure to middle of the batch period to be sure to read quiescent counters. In
read quiescent counters. In a few words this implies that the length a few words, this implies that the length of the batches MUST be
of the batches MUST be chosen large enough so that the method is not chosen large enough so that the method is not affected by those
affected by those factors. The length of the batches can be factors. The length of the batches can be determined based on the
determined based on the specific deployment scenario. specific deployment scenario.
L bit=1 ----------+ +-----------+ +---------- L bit=1 ----------+ +-----------+ +----------
| | | | | | | |
L bit=0 +-----------+ +-----------+ L bit=0 +-----------+ +-----------+
Batch n ... Batch 3 Batch 2 Batch 1 Batch n ... Batch 3 Batch 2 Batch 1
<---------> <---------> <---------> <---------> <---------> <---------> <---------> <---------> <---------> <--------->
Traffic Flow Traffic Flow
===========================================================> ===========================================================>
L bit ...1111111111 0000000000 11111111111 00000000000 111111111... L bit ...1111111111 0000000000 11111111111 00000000000 111111111...
===========================================================> ===========================================================>
Figure 1: Packet Loss Measurement and Single-Marking Methodology Figure 1: Packet Loss Measurement and Single-Marking Methodology
using L bit Using L Bit
It is worth mentioning that the duration of the batches is considered It is worth mentioning that the duration of the batches is considered
stable over time in the previous figure. In theory, it is possible stable over time in the previous figure. In theory, it is possible
to change the length of batches over time and among different flows to change the length of batches over time and among different flows
for more flexibility. But, in practice, it could complicate the for more flexibility. But, in practice, it could complicate the
correlation of the information. correlation of the information.
5.2. Packet Delay Measurement 5.2. Packet Delay Measurement
The same principle used to measure packet loss can be applied also to The same principle used to measure packet loss can also be applied to
one-way delay measurement. Delay metrics MAY be calculated using the one-way delay measurement. Delay metrics MAY be calculated using the
two possibilities: following two possibilities:
1. Single-Marking Methodology: This approach uses only the L bit to Single-Marking Methodology: This approach uses only the L bit to
calculate both packet loss and delay. In this case, the D flag calculate both packet loss and delay. In this case, the D flag
MUST be set to zero on transmit and ignored by the monitoring MUST be set to zero on transmit and ignored by the monitoring
points. The alternation of the values of the L bit can be used points. The alternation of the values of the L bit can be used as
as a time reference to calculate the delay. Whenever the L bit a time reference to calculate the delay. Whenever the L bit
changes and a new batch starts, a network node can store the changes and a new batch starts, a network node can store the
timestamp of the first packet of the new batch, that timestamp timestamp of the first packet of the new batch; that timestamp can
can be compared with the timestamp of the first packet of the be compared with the timestamp of the first packet of the same
same batch on a second node to compute packet delay. But this batch on a second node to compute packet delay. But, this
measurement is accurate only if no packet loss occurs and if measurement is accurate only if no packet loss occurs and if there
there is no packet reordering at the edges of the batches. A is no packet reordering at the edges of the batches. A different
different approach can also be considered and it is based on the approach can also be considered, and it is based on the concept of
concept of the mean delay. The mean delay for each batch is the mean delay. The mean delay for each batch is calculated by
calculated by considering the average arrival time of the packets considering the average arrival time of the packets for the
for the relative batch. There are limitations also in this case relative batch. There are limitations also in this case indeed;
indeed, each node needs to collect all the timestamps and each node needs to collect all the timestamps and calculate the
calculate the average timestamp for each batch. In addition, the average timestamp for each batch. In addition, the information is
information is limited to a mean value. limited to a mean value.
2. Double-Marking Methodology: This approach is more complete and Double-Marking Methodology: This approach is more complete and uses
uses the L bit only to calculate packet loss and the D bit (Delay the L bit only to calculate packet loss, and the D bit (Delay
flag) is fully dedicated to delay measurements. The idea is to flag) is fully dedicated to delay measurements. The idea is to
use the first marking with the L bit to create the alternate flow use the first marking with the L bit to create the alternate flow
and, within the batches identified by the L bit, a second marking and, within the batches identified by the L bit, a second marking
is used to select the packets for measuring delay. The D bit is used to select the packets for measuring delay. The D bit
creates a new set of marked packets that are fully identified creates a new set of marked packets that are fully identified over
over the network, so that a network node can store the timestamps the network so that a network node can store the timestamps of
of these packets; these timestamps can be compared with the these packets; these timestamps can be compared with the
timestamps of the same packets on a second node to compute packet timestamps of the same packets on a second node to compute packet
delay values for each packet. The most efficient and robust mode delay values for each packet. The most efficient and robust mode
is to select a single double-marked packet for each batch, in is to select a single double-marked packet for each batch; in this
this way there is no time gap to consider between the double- way, there is no time gap to consider between the double-marked
marked packets to avoid their reorder. Regarding the rule for packets to avoid their reorder. Regarding the rule for the
the selection of the packet to be double-marked, the same selection of the packet to be double-marked, the same
considerations in Section 5.1 apply also here and the double- considerations in Section 5.1 also apply here, and the double-
marked packet can be chosen within the available counting marked packet can be chosen within the available counting interval
interval that is not affected by factors such as clock errors. that is not affected by factors such as clock errors. If a
If a double-marked packet is lost, the delay measurement for the double-marked packet is lost, the delay measurement for the
considered batch is simply discarded, but this is not a big considered batch is simply discarded, but this is not a big
problem because it is easy to recognize the problematic batch and problem because it is easy to recognize the problematic batch and
skip the measurement just for that one. So in order to have more skip the measurement just for that one. So in order to have more
information about the delay and to overcome out-of-order issues information about the delay and to overcome out-of-order issues,
this method is preferred. this method is preferred.
In summary the approach with double marking is better than the In summary, the approach with Double Marking is better than the
approach with single marking. Moreover, the two approaches provide approach with Single Marking. Moreover, the two approaches provide
slightly different pieces of information and the data consumer can slightly different pieces of information, and the data consumer can
combine them to have a more robust data set. combine them to have a more robust data set.
Similar to what said in Section 5.1 for the packet counters, in the Similar to what is said in Section 5.1 for the packet counters, in
implementation the timestamps can be sent out to the controller that the implementation, the timestamps can be sent out to the controller
is responsible for the calculation or could also be exchanged using that is responsible for the calculation or exchanged using other on-
other on-path techniques. But this is out of scope for this path techniques. But, this is out of scope for this document.
document.
L bit=1 ----------+ +-----------+ +---------- L bit=1 ----------+ +-----------+ +----------
| | | | | | | |
L bit=0 +-----------+ +-----------+ L bit=0 +-----------+ +-----------+
D bit=1 + + + + + D bit=1 + + + + +
| | | | | | | | | |
D bit=0 ------+----------+----------+----------+------------+----- D bit=0 ------+----------+----------+----------+------------+-----
Traffic Flow Traffic Flow
===========================================================> ===========================================================>
L bit ...1111111111 0000000000 11111111111 00000000000 111111111... L bit ...1111111111 0000000000 11111111111 00000000000 111111111...
D bit ...0000010000 0000010000 00000100000 00001000000 000001000... D bit ...0000010000 0000010000 00000100000 00001000000 000001000...
===========================================================> ===========================================================>
Figure 2: Double-Marking Methodology using L bit and D bit Figure 2: Double-Marking Methodology Using L Bit and D Bit
Likewise to packet delay measurement (both for Single Marking and Likewise, to packet delay measurement (both for Single Marking and
Double Marking), the method can also be used to measure the inter- Double Marking), the method can also be used to measure the inter-
arrival jitter. arrival jitter.
5.3. Flow Monitoring Identification 5.3. Flow Monitoring Identification
The Flow Monitoring Identification (FlowMonID) identifies the flow to The Flow Monitoring Identification (FlowMonID) identifies the flow to
be measured and is required for some general reasons: be measured and is required for some general reasons:
First, it helps to reduce the per node configuration. Otherwise, * First, it helps to reduce the per-node configuration. Otherwise,
each node needs to configure an access-control list (ACL) for each each node needs to configure an access control list (ACL) for each
of the monitored flows. Moreover, using a flow identifier allows of the monitored flows. Moreover, using a flow identifier allows
a flexible granularity for the flow definition, indeed, it can be a flexible granularity for the flow definition; indeed, it can be
used together with other identifiers (e.g. 5-tuple). used together with other identifiers (e.g., 5-tuple).
Second, it simplifies the counters handling. Hardware processing * Second, it simplifies the counters handling. Hardware processing
of flow tuples (and ACL matching) is challenging and often incurs of flow tuples (and ACL matching) is challenging and often incurs
into performance issues, especially in tunnel interfaces. into performance issues, especially in tunnel interfaces.
Third, it eases the data export encapsulation and correlation for * Third, it eases the data export encapsulation and correlation for
the collectors. the collectors.
The FlowMonID MUST only be used as a monitored flow identifier in The FlowMonID MUST only be used as a monitored flow identifier in
order to determine a monitored flow within the measurement domain. order to determine a monitored flow within the measurement domain.
This entails not only an easy identification but improved correlation This entails not only an easy identification but improved correlation
as well. as well.
The FlowMonID allocation procedure can be stateful or stateless. In The FlowMonID allocation procedure can be stateful or stateless. In
case of a stateful approach, it is required that the FlowMonID case of a stateful approach, it is required that the FlowMonID
historic information can be stored and tracked in order to assign historic information can be stored and tracked in order to assign
unique values within the domain. This may imply a complex procedure unique values within the domain. This may imply a complex procedure,
and it is considered out of scope for this document. The stateless and it is considered out of scope for this document. The stateless
approach is described hereinafter where FlowMonID values are pseudo approach is described hereinafter where FlowMonID values are pseudo-
randomly generated. randomly generated.
The value of 20 bits has been selected for the FlowMonID since it is The value of 20 bits has been selected for the FlowMonID since it is
a good compromise and implies a low rate of ambiguous FlowMonIDs that a good compromise and implies a low rate of ambiguous FlowMonIDs that
can be considered acceptable in most of the applications. The can be considered acceptable in most of the applications. The
disambiguation issue can be solved by tagging the pseudo randomly disambiguation issue can be solved by tagging the pseudo-randomly
generated FlowMonID with additional flow information. In particular, generated FlowMonID with additional flow information. In particular,
it is RECOMMENDED to consider the 3-tuple FlowMonID, source and it is RECOMMENDED to consider the 3-tuple FlowMonID, source, and
destination addresses: destination addresses:
* If the 20 bit FlowMonID is set independently and pseudo randomly * If the 20-bit FlowMonID is set independently and pseudo-randomly
in a distributed way there is a chance of collision. Indeed, by in a distributed way, there is a chance of collision. Indeed, by
using the well-known birthday problem in probability theory, if using the well-known birthday problem in probability theory, if
the 20 bit FlowMonID is set independently and pseudo randomly the 20-bit FlowMonID is set independently and pseudo-randomly
without any additional input entropy, there is a 50% chance of without any additional input entropy, there is a 50% chance of
collision for 1206 flows. So, for more entropy, FlowMonID is collision for 1206 flows. So, for more entropy, FlowMonID is
combined with source and destination addresses. Since there is a combined with source and destination addresses. Since there is a
1% chance of collision for 145 flows, it is possible to monitor 1% chance of collision for 145 flows, it is possible to monitor
145 concurrent flows per host pairs with a 1% chance of collision. 145 concurrent flows per host pairs with a 1% chance of collision.
* If the 20 bits FlowMonID is set pseudo randomly but in a * If the 20-bit FlowMonID is set pseudo-randomly but in a
centralized way, the controller can instruct the nodes properly in centralized way, the controller can instruct the nodes properly in
order to guarantee the uniqueness of the FlowMonID. With 20 bits, order to guarantee the uniqueness of the FlowMonID. With 20 bits,
the number of combinations is 1048576, and the controller should the number of combinations is 1048576, and the controller should
ensure that all the FlowMonID values are used without any ensure that all the FlowMonID values are used without any
collision. Therefore, by considering source and destination collision. Therefore, by considering source and destination
addresses together with the FlowMonID, it can be possible to addresses together with the FlowMonID, it is possible to monitor
monitor 1048576 concurrent flows per host pairs. 1048576 concurrent flows per host pairs.
A consistent approach MUST be used in the Alternate Marking A consistent approach MUST be used in the Alternate-Marking
deployment to avoid the mixture of different ways of identifying. deployment to avoid the mixture of different ways of identifying.
All the nodes along the path and involved into the measurement SHOULD All the nodes along the path and involved in the measurement SHOULD
use the same mode for identification. As mentioned, it is use the same mode for identification. As mentioned, it is
RECOMMENDED to use the FlowMonID for identification purpose in RECOMMENDED to use the FlowMonID for identification purposes in
combination with source and destination addresses to identify a flow. combination with source and destination addresses to identify a flow.
By considering source and destination addresses together with the By considering source and destination addresses together with the
FlowMonID it can be possible to monitor 145 concurrent flows per host FlowMonID, it is possible to monitor 145 concurrent flows per host
pairs with a 1% chance of collision in case of pseudo randomly pairs with a 1% chance of collision in case of pseudo-randomly
generated FlowMonID, or 1048576 concurrent flows per host pairs in generated FlowMonID, or 1048576 concurrent flows per host pairs in
case of centralized controller. It is worth mentioning that the case of a centralized controller. It is worth mentioning that the
solution with the centralized control allows finer granularity and solution with the centralized control allows finer granularity and
therefore adds even more flexibility to the flow identification. therefore adds even more flexibility to the flow identification.
The FlowMonID field is set at the source node, which is the ingress The FlowMonID field is set at the source node, which is the ingress
point of the measurement domain, and can be set in two ways: point of the measurement domain, and can be set in two ways:
a. It can be algorithmically generated by the source node, that can * It can be algorithmically generated by the source node, which can
set it pseudo-randomly with some chance of collision. This set it pseudo-randomly with some chance of collision. This
approach cannot guarantee the uniqueness of FlowMonID since approach cannot guarantee the uniqueness of FlowMonID since
conflicts and collisions are possible. But, considering the conflicts and collisions are possible. But, considering the
recommendation to use FlowMonID with source and destination recommendation to use FlowMonID with source and destination
addresses the conflict probability is reduced due to the addresses, the conflict probability is reduced due to the
FlowMonID space available for each endpoint pair (i.e. 145 flows FlowMonID space available for each endpoint pair (i.e., 145 flows
with 1% chance of collision). with 1% chance of collision).
b. It can be assigned by the central controller. Since the * It can be assigned by the central controller. Since the
controller knows the network topology, it can allocate the value controller knows the network topology, it can allocate the value
properly to avoid or minimize ambiguity and guarantee the properly to avoid or minimize ambiguity and guarantee the
uniqueness. In this regard, the controller can verify that there uniqueness. In this regard, the controller can verify that there
is no ambiguity between different pseudo-randomly generated is no ambiguity between different pseudo-randomly generated
FlowMonIDs on the same path. The conflict probability is really FlowMonIDs on the same path. The conflict probability is really
small given that the FlowMonID is coupled with source and small given that the FlowMonID is coupled with source and
destination addresses and up to 1048576 flows can be monitored destination addresses, and up to 1048576 flows can be monitored
for each endpoint pair. When all values in the FlowMonID space for each endpoint pair. When all values in the FlowMonID space
are consumed, the centralized controller can keep track and are consumed, the centralized controller can keep track and
reassign the values that are not used any more by old flows. reassign the values that are not used any more by old flows.
If the FlowMonID is set by the source node, the intermediate nodes If the FlowMonID is set by the source node, the intermediate nodes
can read the FlowMonIDs from the packets in flight and act can read the FlowMonIDs from the packets in flight and act
accordingly. While, if the FlowMonID is set by the controller, both accordingly. If the FlowMonID is set by the controller, both
possibilities are feasible for the intermediate nodes which can learn possibilities are feasible for the intermediate nodes, which can
by reading the packets or can be instructed by the controller. learn by reading the packets or can be instructed by the controller.
The FlowMonID setting by the source node may seem faster and more The FlowMonID setting by the source node may seem faster and more
scalable than the FlowMonID setting by the controller. But, it is scalable than the FlowMonID setting by the controller. But, it is
supposed that the controller does not slow the process since it can supposed that the controller does not slow the process since it can
enable Alternate Marking method and its parameters (like FlowMonID) enable the Alternate-Marking Method and its parameters (like
together with the flow instantiation, as further described in FlowMonID) together with the flow instantiation, as further described
[I-D.ietf-idr-sr-policy-ifit] and [I-D.chen-pce-pcep-ifit]. in [BGP-SR-POLICY-IFIT] and [PCEP-IFIT].
5.4. Multipoint and Clustered Alternate Marking 5.4. Multipoint and Clustered Alternate Marking
The Alternate Marking method can be extended to any kind of The Alternate-Marking Method can be extended to any kind of
multipoint to multipoint paths. [I-D.ietf-ippm-rfc8321bis] only multipoint-to-multipoint paths. [RFC9341] only applies to point-to-
applies to point-to-point unicast flows, while the Multipoint point unicast flows, while the Clustered Alternate-Marking Method,
Alternate Marking Clustered method, introduced in introduced in [RFC9342], is valid for multipoint-to-multipoint
[I-D.ietf-ippm-rfc8889bis], is valid for multipoint-to-multipoint unicast flows, anycast, and ECMP flows.
unicast flows, anycast and ECMP flows.
[I-D.ietf-ippm-rfc8889bis] describes the network clustering approach [RFC9342] describes the network clustering approach, which allows a
which allows a flexible and optimized performance measurement. A flexible and optimized performance measurement. A cluster is the
Cluster is the smallest identifiable non-trivial subnetwork of the smallest identifiable non-trivial subnetwork of the entire network
entire Network graph that still satisfies the condition that the graph that still satisfies the condition that the number of packets
number of packets that goes in is the same that goes out. With that goes in is the same number that goes out. With network
network clustering, it is possible to use the partition of the clustering, it is possible to partition the network into clusters at
network into clusters at different levels in order to perform the different levels in order to perform the needed degree of detail.
needed degree of detail.
For Multipoint Alternate Marking, FlowMonID can identify in general a For Multipoint Alternate Marking, FlowMonID can identify in general a
multipoint-to-multipoint flow and not only a point-to-point flow. multipoint-to-multipoint flow and not only a point-to-point flow.
5.5. Data Collection and Calculation 5.5. Data Collection and Calculation
The nodes enabled to perform performance monitoring collect the value The nodes enabled to perform performance monitoring collect the value
of the packet counters and timestamps. There are several of the packet counters and timestamps. There are several
alternatives to implement Data Collection and Calculation, but this alternatives to implement data collection and calculation, but this
is not specified in this document. is not specified in this document.
There are documents on the control plane mechanisms of Alternate There are documents on the control plane mechanisms of Alternate
Marking, e.g. [I-D.ietf-idr-sr-policy-ifit], Marking, e.g., [BGP-SR-POLICY-IFIT] and [PCEP-IFIT].
[I-D.chen-pce-pcep-ifit].
6. Security Considerations 6. Security Considerations
This document aims to apply a method to perform measurements that This document aims to apply a method to the performance measurements
does not directly affect Internet security nor applications that run that does not directly affect Internet security nor applications that
on the Internet. However, implementation of this method must be run on the Internet. However, implementation of this method must be
mindful of security and privacy concerns. mindful of security and privacy concerns.
There are two types of security concerns: potential harm caused by There are two types of security concerns: potential harm caused by
the measurements and potential harm to the measurements. the measurements and potential harm to the measurements.
Harm caused by the measurement: Alternate Marking implies the Harm caused by the measurement: Alternate Marking implies the
insertion of an Option Header to the IPv6 packets by the source node, insertion of an Options Header to the IPv6 packets by the source
but this must be performed in a way that does not alter the quality node, but this must be performed in a way that does not alter the
of service experienced by the packets and that preserves stability quality of service experienced by the packets and that preserves
and performance of routers doing the measurements. As already stability and performance of routers doing the measurements. As
discussed in Section 4, the design of the AltMark Option has been already discussed in Section 4, the design of the AltMark Option
chosen with throughput in mind, such that it can be implemented has been chosen with throughput in mind, such that it can be
without affecting the user experience. implemented without affecting the user experience.
Harm to the measurement: Alternate Marking measurements could be Harm to the measurement: Alternate-Marking measurements could be
harmed by routers altering the fields of the AltMark Option (e.g. harmed by routers altering the fields of the AltMark Option (e.g.,
marking of the packets, FlowMonID) or by a malicious attacker adding marking of the packets or FlowMonID) or by a malicious attacker
AltMark Option to the packets in order to consume the resources of adding the AltMark Option to the packets in order to consume the
network devices and entities involved. As described above, the resources of network devices and entities involved. As described
source node is the only one that writes the Option Header while the above, the source node is the only one that writes the Options
intermediate nodes and destination node only read it without Header while the intermediate nodes and destination node only read
modifying the Option Header. But, for example, an on-path attacker it without modifying the Options Header. But, for example, an on-
can modify the flags, whether intentionally or accidentally, or path attacker can modify the flags, whether intentionally or
deliberately insert an option to the packet flow or delete the option accidentally, or deliberately insert an Option to the packet flow
from the packet flow. The consequent effect could be to give the or delete the Option from the packet flow. The consequent effect
appearance of loss or delay or invalidate the measurement by could be to give the appearance of loss or delay or to invalidate
modifying option identifiers, such as FlowMonID. The malicious the measurement by modifying Option identifiers, such as
implication can be to cause actions from the network administrator FlowMonID. The malicious implication can be to cause actions from
where an intervention is not necessary or to hide real issues in the the network administrator where an intervention is not necessary
network. Since the measurement itself may be affected by network or to hide real issues in the network. Since the measurement
nodes intentionally altering the bits of the AltMark Option or itself may be affected by network nodes intentionally altering the
injecting Options headers as a means for Denial of Service (DoS), the bits of the AltMark Option or injecting Options Headers as a means
Alternate Marking MUST be applied in the context of a controlled for Denial of Service (DoS), the Alternate Marking MUST be applied
domain, where the network nodes are locally administered and this in the context of a controlled domain, where the network nodes are
type of attack can be avoided. For this reason, the implementation locally administered and this type of attack can be avoided. For
of the method is not done on the end node if it is not fully managed this reason, the implementation of the method is not done on the
and does not belong to the controlled domain. Packets generated end node if it is not fully managed and does not belong to the
outside the controlled domain may consume router resources by controlled domain. Packets generated outside the controlled
maliciously using the HbH Option, but this can be mitigated by domain may consume router resources by maliciously using the Hop-
filtering these packets at the controlled domain boundary. This can by-Hop Option, but this can be mitigated by filtering these
be done because, if the end node does not belong to the controlled packets at the controlled domain boundary. This can be done
domain, it is not supposed to add the AltMark HbH Option, and it can because if the end node does not belong to the controlled domain,
be easily recognized. it is not supposed to add the AltMark Hop-by-Hop Option, and it
can be easily recognized.
An attacker that does not belong to the controlled domain can An attacker that does not belong to the controlled domain can
maliciously send packets with AltMark Option. But if Alternate maliciously send packets with the AltMark Option. But, if Alternate
Marking is not supported in the controlled domain, no problem happens Marking is not supported in the controlled domain, no problem happens
because the AltMark Option is treated as any other unrecognized because the AltMark Option is treated as any other unrecognized
option and will not be considered by the nodes since they are not Option and will not be considered by the nodes since they are not
configured to deal with it, so the only effect is the increased configured to deal with it; so, the only effect is the increased
packet size (by 48 bits). While if Alternate Marking is supported in packet size (by 48 bits). If Alternate Marking is supported in the
the controlled domain, it is also necessary to avoid that the controlled domain, it is necessary to keep the measurements from
measurements are affected and external packets with AltMark Option being affected, and external packets with the AltMark Option MUST be
MUST be filtered. As any other Hop-by-Hop Options or Destination filtered. As any other Hop-by-Hop Options or Destination Options, it
Options, it is possible to filter AltMark Options entering or leaving is possible to filter AltMark Options entering or leaving the domain,
the domain e.g. by using ACL extensions for filtering. e.g., by using ACL extensions for filtering.
The flow identifier (FlowMonID), together with the two marking bit (L The flow identifier (FlowMonID), together with the two marking bits
and D), comprises the AltMark Option. As explained in Section 5.3, (L and D), comprises the AltMark Option. As explained in
there is a chance of collision if the FlowMonID is set pseudo Section 5.3, there is a chance of collision if the FlowMonID is set
randomly but that there is a solution for this issue. In general pseudo-randomly, but there is a solution for this issue. In general,
this may not be a problem and a low rate of ambiguous FlowMonIDs can this may not be a problem, and a low rate of ambiguous FlowMonIDs can
be acceptable, since this does not cause significant harm to the be acceptable since this does not cause significant harm to the
operators or their clients and this harm may not justify the operators or their clients, and this harm may not justify the
complications of avoiding it. But, for large scale measurements, a complications of avoiding it. But, for large scale measurements, a
big number of flows could be monitored and the probability of a big number of flows could be monitored and the probability of a
collision is higher, thus the disambiguation of the FlowMonID field collision is higher; thus, the disambiguation of the FlowMonID field
can be considered. can be considered.
The privacy concerns also need to be analyzed even if the method only The privacy concerns also need to be analyzed even if the method only
relies on information contained in the Option Header without any relies on information contained in the Options Header without any
release of user data. Indeed, from a confidentiality perspective, release of user data. Indeed, from a confidentiality perspective,
although AltMark Option does not contain user data, the metadata can although the AltMark Option does not contain user data, the metadata
be used for network reconnaissance to compromise the privacy of users can be used for network reconnaissance to compromise the privacy of
by allowing attackers to collect information about network users by allowing attackers to collect information about network
performance and network paths. AltMark Option contains two kinds of performance and network paths. The AltMark Option contains two kinds
metadata: the marking bits (L and D bits) and the flow identifier of metadata: the marking bits (L and D) and the flow identifier
(FlowMonID). (FlowMonID).
The marking bits are the small information that is exchanged * The marking bits are the small information that is exchanged
between the network nodes. Therefore, due to this intrinsic between the network nodes. Therefore, due to this intrinsic
characteristic, network reconnaissance through passive characteristic, network reconnaissance through passive
eavesdropping on data-plane traffic is difficult. Indeed, an eavesdropping on data plane traffic is difficult. Indeed, an
attacker cannot gain information about network performance from a attacker cannot gain information about network performance from a
single monitoring point. The only way for an attacker can be to single monitoring point. The only way for an attacker can be to
eavesdrop on multiple monitoring points at the same time, because eavesdrop on multiple monitoring points at the same time, because
they have to do the same kind of calculation and aggregation as they have to do the same kind of calculation and aggregation as
Alternate Marking requires. Alternate Marking requires.
The FlowMonID field is used in the AltMark Option as the * The FlowMonID field is used in the AltMark Option as the
identifier of the monitored flow. It represents a more sensitive identifier of the monitored flow. It represents more sensitive
information for network reconnaissance and may allow a flow information for network reconnaissance and may allow a flow
tracking type of attack because an attacker could collect tracking type of attack because an attacker could collect
information about network paths. information about network paths.
Furthermore, in a pervasive surveillance attack, the information that Furthermore, in a pervasive surveillance attack, the information that
can be derived over time is more. But, as further described can be derived over time is more. But, as further described
hereinafter, the application of the Alternate Marking to a controlled hereinafter, the application of the Alternate Marking to a controlled
domain helps to mitigate all the above aspects of privacy concerns. domain helps to mitigate all the above aspects of privacy concerns.
At the management plane, attacks can be set up by misconfiguring or At the management plane, attacks can be set up by misconfiguring or
by maliciously configuring AltMark Option. Thus, AltMark Option by maliciously configuring the AltMark Option. Thus, AltMark Option
configuration MUST be secured in a way that authenticates authorized configuration MUST be secured in a way that authenticates authorized
users and verifies the integrity of configuration procedures. users and verifies the integrity of configuration procedures.
Solutions to ensure the integrity of AltMark Option are outside the Solutions to ensure the integrity of the AltMark Option are outside
scope of this document. Also, attacks on the reporting of the the scope of this document. Also, attacks on the reporting of the
statistics between the monitoring points and the network management statistics between the monitoring points and the network management
system (e.g. centralized controller) can interfere with the proper system (e.g., centralized controller) can interfere with the proper
functioning of the system. Hence, the channels used to report back functioning of the system. Hence, the channels used to report back
flow statistics MUST be secured. flow statistics MUST be secured.
As stated above, the precondition for the application of the As stated above, the precondition for the application of the
Alternate Marking is that it MUST be applied in specific controlled Alternate Marking is that it MUST be applied in specific controlled
domains, thus confining the potential attack vectors within the domains, thus confining the potential attack vectors within the
network domain. A limited administrative domain provides the network network domain. A limited administrative domain provides the network
administrator with the means to select, monitor and control the administrator with the means to select, monitor, and control the
access to the network, making it a trusted domain. In this regard it access to the network, making it a trusted domain. In this regard,
is expected to enforce policies at the domain boundaries to filter it is expected to enforce policies at the domain boundaries to filter
both external packets with AltMark Option entering the domain and both external packets with the AltMark Option entering the domain and
internal packets with AltMark Option leaving the domain. Therefore, internal packets with the AltMark Option leaving the domain.
the trusted domain is unlikely subject to hijacking of packets since Therefore, the trusted domain is unlikely subject to the hijacking of
packets with AltMark Option are processed and used only within the packets since packets with AltMark Option are processed and used only
controlled domain. within the controlled domain.
As stated, the application to a controlled domain ensures the control As stated, the application to a controlled domain ensures control
over the packets entering and leaving the domain, but despite that, over the packets entering and leaving the domain, but despite that,
leakages may happen for different reasons, such as a failure or a leakages may happen for different reasons such as a failure or a
fault. In this case, nodes outside the domain are expected to ignore fault. In this case, nodes outside the domain are expected to ignore
packets with AltMark Option since they are not configured to handle packets with the AltMark Option since they are not configured to
it and should not process it. handle it and should not process it.
Additionally, it is to be noted that the AltMark Option is carried by Additionally, note that the AltMark Option is carried by the Options
the Options Header and it will have some impact on the packet sizes Header and it will have some impact on the packet sizes for the
for the monitored flow and on the path MTU, since some packets might monitored flow and on the path MTU since some packets might exceed
exceed the MTU. However, the relative small size (48 bit in total) the MTU. However, the relative small size (48 bits in total) of
of these Option Headers and its application to a controlled domain these Options Headers and its application to a controlled domain help
help to mitigate the problem. to mitigate the problem.
It is worth mentioning that the security concerns may change based on It is worth mentioning that the security concerns may change based on
the specific deployment scenario and related threat analysis, which the specific deployment scenario and related threat analysis, which
can lead to specific security solutions that are beyond the scope of can lead to specific security solutions that are beyond the scope of
this document. As an example, the AltMark Option can be used as Hop- this document. As an example, the AltMark Option can be used as a
by-Hop or Destination Option and, in case of Destination Option, Hop-by-Hop or Destination Option and, in case of a Destination
multiple administrative domains may be traversed by the AltMark Option, multiple administrative domains may be traversed by the
Option that is not confined to a single administrative domain. In AltMark Option that is not confined to a single administrative
this case, the user, aware of the kind of risks, may still want to domain. In this case, the user, who is aware of the kind of risks,
use Alternate Marking for telemetry and test purposes but the may still want to use Alternate Marking for telemetry and test
controlled domain must be composed by more than one administrative purposes, but the controlled domain must be composed by more than one
domains. To this end, the inter-domain links need to be secured administrative domain. To this end, the inter-domain links need to
(e.g., by IPsec, VPNs) in order to avoid external threats and realize be secured (e.g., by IPsec or VPNs) in order to avoid external
the whole controlled domain. threats and realize the whole controlled domain.
It might be theoretically possible to modulate the marking or the It might be theoretically possible to modulate the marking or the
other fields of the AltMark Option to serve as a covert channel to be other fields of the AltMark Option to serve as a covert channel to be
used by an on-path observer. This may affect both the data and used by an on-path observer. This may affect both the data and
management plane, but, here too, the application to a controlled management plane, but, here too, the application to a controlled
domain helps to reduce the effects. domain helps to reduce the effects.
The Alternate Marking application described in this document relies The Alternate-Marking application described in this document relies
on a time synchronization protocol. Thus, by attacking the time on a time synchronization protocol. Thus, by attacking the time
protocol, an attacker can potentially compromise the integrity of the protocol, an attacker can potentially compromise the integrity of the
measurement. A detailed discussion about the threats against time measurement. A detailed discussion about the threats against time
protocols and how to mitigate them is presented in [RFC7384]. protocols and how to mitigate them is presented in [RFC7384].
Network Time Security (NTS), described in [RFC8915], is a mechanism Network Time Security (NTS), described in [RFC8915], is a mechanism
that can be employed. Also, the time, which is distributed to the that can be employed. Also, the time, which is distributed to the
network nodes through the time protocol, is centrally taken from an network nodes through the time protocol, is centrally taken from an
external accurate time source, such as an atomic clock or a GPS external accurate time source such as an atomic clock or a GPS clock.
clock. By attacking the time source it can be possible to compromise By attacking the time source, it is possible to compromise the
the integrity of the measurement as well. There are security integrity of the measurement as well. There are security measures
measures that can be taken to mitigate the GPS spoofing attacks and a that can be taken to mitigate the GPS spoofing attacks, and a network
network administrator should certainly employ solutions to secure the administrator should certainly employ solutions to secure the network
network domain. domain.
7. IANA Considerations 7. IANA Considerations
The Option Type should be assigned in IANA's "Destination Options and IANA has allocated the Option Type in the "Destination Options and
Hop-by-Hop Options" registry. Hop-by-Hop Options" subregistry of the "Internet Protocol Version 6
(IPv6) Parameters" registry (<https://www.iana.org/assignments/
This draft requests the following IPv6 Option Type assignment from ipv6-parameters/>) as follows:
the Destination Options and Hop-by-Hop Options sub-registry of
Internet Protocol Version 6 (IPv6) Parameters
(https://www.iana.org/assignments/ipv6-parameters/).
Hex Value Binary Value Description Reference
act chg rest
----------------------------------------------------------------
TBD 00 0 tbd AltMark [This draft]
8. Acknowledgements
The authors would like to thank Bob Hinden, Ole Troan, Martin Duke,
Lars Eggert, Roman Danyliw, Alvaro Retana, Eric Vyncke, Warren
Kumari, Benjamin Kaduk, Stewart Bryant, Christopher Wood, Yoshifumi
Nishida, Tom Herbert, Stefano Previdi, Brian Carpenter, Greg Mirsky,
Ron Bonica for the precious comments and suggestions.
9. References +===========+===================+=============+===========+
| Hex Value | Binary Value | Description | Reference |
+===========+=====+=====+=======+=============+===========+
| | act | chg | rest | | |
+===========+=====+=====+=======+=============+===========+
| 0x12 | 00 | 0 | 10010 | AltMark | RFC 9343 |
+-----------+-----+-----+-------+-------------+-----------+
9.1. Normative References Table 1: Destination Options and Hop-by-Hop Options
Registry
[I-D.ietf-ippm-rfc8321bis] 8. References
Fioccola, G., Cociglio, M., Mirsky, G., Mizrahi, T., and
T. Zhou, "Alternate-Marking Method", Work in Progress,
Internet-Draft, draft-ietf-ippm-rfc8321bis-03, 25 July
2022, <https://www.ietf.org/archive/id/draft-ietf-ippm-
rfc8321bis-03.txt>.
[I-D.ietf-ippm-rfc8889bis] 8.1. Normative References
Fioccola, G., Cociglio, M., Sapio, A., Sisto, R., and T.
Zhou, "Clustered Alternate-Marking Method", Work in
Progress, Internet-Draft, draft-ietf-ippm-rfc8889bis-04,
26 September 2022, <https://www.ietf.org/archive/id/draft-
ietf-ippm-rfc8889bis-04.txt>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, (IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017, DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>. <https://www.rfc-editor.org/info/rfc8200>.
9.2. Informative References [RFC9341] Fioccola, G., Ed., Cociglio, M., Mirsky, G., Mizrahi, T.,
and T. Zhou, "Alternate-Marking Method", RFC 9341,
[I-D.chen-pce-pcep-ifit] DOI 10.17487/RFC9341, December 2022,
Yuan, H., Zhou, T., Li, W., Fioccola, G., and Y. Wang, <https://www.rfc-editor.org/info/rfc9341>.
"Path Computation Element Communication Protocol (PCEP)
Extensions to Enable IFIT", Work in Progress, Internet-
Draft, draft-chen-pce-pcep-ifit-06, 4 February 2022,
<https://www.ietf.org/archive/id/draft-chen-pce-pcep-ifit-
06.txt>.
[I-D.fz-spring-srv6-alt-mark] [RFC9342] Fioccola, G., Ed., Cociglio, M., Sapio, A., Sisto, R., and
Fioccola, G., Zhou, T., and M. Cociglio, "Segment Routing T. Zhou, "Clustered Alternate-Marking Method", RFC 9342,
Header encapsulation for Alternate Marking Method", Work DOI 10.17487/RFC9342, December 2022,
in Progress, Internet-Draft, draft-fz-spring-srv6-alt- <https://www.rfc-editor.org/info/rfc9342>.
mark-03, 5 August 2022, <https://www.ietf.org/archive/id/
draft-fz-spring-srv6-alt-mark-03.txt>.
[I-D.ietf-6man-hbh-processing] 8.2. Informative References
Hinden, R. M. and G. Fairhurst, "IPv6 Hop-by-Hop Options
Processing Procedures", Work in Progress, Internet-Draft,
draft-ietf-6man-hbh-processing-02, 23 August 2022,
<https://www.ietf.org/archive/id/draft-ietf-6man-hbh-
processing-02.txt>.
[I-D.ietf-idr-sr-policy-ifit] [BGP-SR-POLICY-IFIT]
Qin, F., Yuan, H., Yang, S., Zhou, T., and G. Fioccola, Qin, F., Yuan, H., Yang, S., Zhou, T., and G. Fioccola,
"BGP SR Policy Extensions to Enable IFIT", Work in "BGP SR Policy Extensions to Enable IFIT", Work in
Progress, Internet-Draft, draft-ietf-idr-sr-policy-ifit- Progress, Internet-Draft, draft-ietf-idr-sr-policy-ifit-
04, 7 July 2022, <https://www.ietf.org/archive/id/draft- 05, 24 October 2022,
ietf-idr-sr-policy-ifit-04.txt>. <https://datatracker.ietf.org/doc/html/draft-ietf-idr-sr-
policy-ifit-05>.
[I-D.ietf-v6ops-hbh] [HBH-OPTIONS-PROCESSING]
Peng, S., Li, Z., Xie, C., Qin, Z., and G. Mishra, Hinden, R. M. and G. Fairhurst, "IPv6 Hop-by-Hop Options
Processing Procedures", Work in Progress, Internet-Draft,
draft-ietf-6man-hbh-processing-04, 21 October 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-6man-
hbh-processing-04>.
[PCEP-IFIT]
Yuan, H., 王雪荣, Yang, P., Li, W., and G. Fioccola, "Path
Computation Element Communication Protocol (PCEP)
Extensions to Enable IFIT", Work in Progress, Internet-
Draft, draft-ietf-pce-pcep-ifit-01, 3 August 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-pce-
pcep-ifit-01>.
[PROC-HBH-OPT-HEADER]
Peng, S., Li, Z., Xie, C., Qin, Z., and G. S. Mishra,
"Operational Issues with Processing of the Hop-by-Hop "Operational Issues with Processing of the Hop-by-Hop
Options Header", Work in Progress, Internet-Draft, draft- Options Header", Work in Progress, Internet-Draft, draft-
ietf-v6ops-hbh-01, 18 April 2022, ietf-v6ops-hbh-02, 21 October 2022,
<https://www.ietf.org/archive/id/draft-ietf-v6ops-hbh- <https://datatracker.ietf.org/doc/html/draft-ietf-v6ops-
01.txt>. hbh-02>.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, <https://www.rfc-editor.org/info/rfc4301>. December 2005, <https://www.rfc-editor.org/info/rfc4301>.
[RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme, [RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
"IPv6 Flow Label Specification", RFC 6437, "IPv6 Flow Label Specification", RFC 6437,
DOI 10.17487/RFC6437, November 2011, DOI 10.17487/RFC6437, November 2011,
<https://www.rfc-editor.org/info/rfc6437>. <https://www.rfc-editor.org/info/rfc6437>.
skipping to change at page 23, line 19 skipping to change at line 1033
[RFC8799] Carpenter, B. and B. Liu, "Limited Domains and Internet [RFC8799] Carpenter, B. and B. Liu, "Limited Domains and Internet
Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020, Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020,
<https://www.rfc-editor.org/info/rfc8799>. <https://www.rfc-editor.org/info/rfc8799>.
[RFC8915] Franke, D., Sibold, D., Teichel, K., Dansarie, M., and R. [RFC8915] Franke, D., Sibold, D., Teichel, K., Dansarie, M., and R.
Sundblad, "Network Time Security for the Network Time Sundblad, "Network Time Security for the Network Time
Protocol", RFC 8915, DOI 10.17487/RFC8915, September 2020, Protocol", RFC 8915, DOI 10.17487/RFC8915, September 2020,
<https://www.rfc-editor.org/info/rfc8915>. <https://www.rfc-editor.org/info/rfc8915>.
[SRv6-AMM] Fioccola, G., Zhou, T., and M. Cociglio, "Segment Routing
Header encapsulation for Alternate Marking Method", Work
in Progress, Internet-Draft, draft-fz-spring-srv6-alt-
mark-03, 5 August 2022,
<https://datatracker.ietf.org/doc/html/draft-fz-spring-
srv6-alt-mark-03>.
Acknowledgements
The authors would like to thank Bob Hinden, Ole Troan, Martin Duke,
Lars Eggert, Roman Danyliw, Alvaro Retana, Eric Vyncke, Warren
Kumari, Benjamin Kaduk, Stewart Bryant, C. A. Wood, Yoshifumi
Nishida, Tom Herbert, Stefano Previdi, Brian Carpenter, Greg Mirsky,
and Ron Bonica for their valuable comments and suggestions.
Authors' Addresses Authors' Addresses
Giuseppe Fioccola Giuseppe Fioccola
Huawei Huawei
Riesstrasse, 25 Riesstrasse, 25
80992 Munich 80992 Munich
Germany Germany
Email: giuseppe.fioccola@huawei.com Email: giuseppe.fioccola@huawei.com
Tianran Zhou Tianran Zhou
 End of changes. 154 change blocks. 
569 lines changed or deleted 562 lines changed or added

This html diff was produced by rfcdiff 1.48.